Future of Identity
1info@bbfa.info
Identity
Global Context - Growing Demand
1 Sep 16, Tallinn
Patrick Curry
Patrick.curry@bbfa.info
Social Norms
• We have social norms
of behaviour built over
millennia
• Society runs on trust =
• We act in groups
– Individually
– Organisationally
– Nationally
– Internationally
• Disruptive change
– Villains
– Heroes
Biggest problem – Tower of Babel
• We are all affected
by the same things
• Laws of physics still
the same
• Yet… A gazillion
point solutions
• Darwinian outcome
certain:
– Centralise; or,
– Interoperate
• Follow the herd
• VHS vs Betamax
eIDAS history
• European Digital Agenda Key Points 3 and 16
• EU WG to develop an EU Citizen eID specification
• DG HOME Expert Group on ID Fraud. Europol reports
ID Fraud top enabler of crime. Council action requested.
• Ad hoc eID tech demonstrators leading to STORK
• STORK large scale pilot
• DG CONNECT project to develop eID interop policy
• eIDAS Regulation published. Compliance by Sep 2017.
• Comparisons with international standards and
regulations.
Legislation
• eIDAS. eID Authentication & Digital Signature Regulation
– Citizen eID recognised in all Member States for public purposes
• NISD. Network Information Security Directive
– Data breach notification to regulators and EU
• GDPR. General Data Protection Regulation
– Pseudonymity
– Preventing a person becoming identifiable
• 4th Anti Money Laundering Directive
– Customer due diligence checking requirements, reporting suspicious
transactions, maintain records of payments, combat money laundering & terrorist
financing activities
– Registers for beneficiary traceability
• Payment Services Directive 2 (PSD2)
– Expands use of digital payments and cross-border payment flexibility
– Expanded scope. Includes new digital payment services
– New security, insurance and due diligence requirements
4 Contexts of Identity
• Citizen
• Consumer
• Employee - Industry
• Employee - Gov
Plus:
• Device ID
• Organisation ID
• Software Authentication
• Data Authentication
ISO/IEC 29115 – Entity Authentication Assurance Framework
The Basic Electronic Credential Lifecycle*
[Flow diagram. Box labels, in the order extracted: Sponsorship; Application; Initial Verification; Proofing documents; Full Verification; Registration; Approve?; Provisioning; Order credential; Data preparation; Data transfer; Print credential; Data injection into chip; Enrolment; Validation & Quality check; Secure transport; Customer notification; PIN issuance; Customer receipt; Authenticate User; Authenticate credential; Activate credential; Issuance; Interview; Suspend; Revoke; Use; Manage; Use (See Trust Framework); Destroy; Renew?; Stop; N; Y; Restart (point depends on policy).]
* Ignores supporting information management
Governance
• Community of trust. Transparency
• Shared objectives
• Collaborative governance of risk stakeholders
• Liability model
• Six elements
– Policy Management Authority & Technical Design Authority
– Trust Operations
– Assurance
– Enforcement and trust repair
– Company responsibilities
– Community & stakeholder management
Levels of Assurance
• We need to identify ourselves to others, and vice versa, in a
wide range of situations and particularly for electronic
activities, which may require different Levels of Assurance.
1. LoA 4. Extra measures. 3 factor authentication (with second
biometric). Strong hardware token. Optional federated Physical
Access Control. Used in highly secure situations.
2. LoA 3. High confidence in identity. Legally robust non-
repudiation. 2 Factor Authentication. E.g. employee
authentication, digital signature, ID based encryption, secure
email.
3. LoA 2. Some confidence of Identity. Expect some failures.
Financial liability model. E.g. credit cards, Know Your Customer.
4. LoA 1. Self assertion. E.g. mickey.mouse@microsoft.com.
Major strategic drivers -
national, international, market
• Increasing regulations
• Consumer centricity & omnichannel
• Card/mobile payments
• Global supply chains
• Cross-sector interactions
• Banking and payments systems
• Border controls, migration & refugees
• Risk management
– Opportunity
– Cybercrime
– Compliance
– Complexity
– Branding & reputation
[Diagram: the four contexts of identity (Citizen, Consumer, Employee - Gov, Employee - Industry) with numeric labels 1 to 4. Other labels: 9/11; HSPD 12; FIPS 201 - PIV; FIPS 201 – PIV - Interoperable; ITU-T/ISO 24760/29115; Supply chain collaboration; CertiPath/SAFE-BioPharma; Kantara Initiative Identity Assurance Framework; Borders; Police; NATO; SESAR; Legal; Energy; Pharma; Aerospace; Hardly used = weak business case?; OIX; Google; Facebook; Credit cards; HACC?NFC??; US NSTIC ?; Good Federation.]
Level 3+ Identity Federations (PKI) - a UK perspective
British Business Federation Authority - office@federatedbusiness.org
[Diagram. Labels: Potential Gov & Ind CSPs: EADS/Cassidian, Citi, Entrust, SAFE/BioPharma, Symantec, Trustis; Early Adopters; Cross Certified Orgs: MOD, NHS, NPIA/Police, DWP+; LoA 2+ Brokers; CertiPath Aero/Def; UK PKI Bridge; SAFE-BioPharma; Potential UK CSPs: Citi, EADS, Entrust, Symantec, Verizon Business+; (Emerging Bridge); Other Potential National Bridges or CAs: USA, Australia, Canada, NZ, NL, BE, FR, DE, IT+, NO, SWE, ESP; Interpol, EU, NATO; Any nation could put itself at the centre…]
Some EU National e-ID initiatives

| Nation | Name | Purpose | Population | LoA | Biometrics | Features | Remarks |
|---|---|---|---|---|---|---|---|
| Estonia | ID | E-gov, Societal | 1.3 M + | 4 | Face | Auth, Sign, Encrypt | |
| Estonia | E-residency | E-gov & business | 8M target | 3 | Nil | Auth, Sign, Encrypt | 10 k today |
| Belgium | .beID | Societal | 12 M | 3 | Face | Auth, Sign, Encrypt | |
| Germany | Personal ausweis | E-gov | 80 M + | 3/4 | Face | Auth, Sign, Encrypt | Low adoption of eID |
| France | France Connect | E-gov | Starting | 2/3? | ? | ? | |
| UK | Verify | Limited E-gov | 50 M | 2 | Nil | Auth | 333 k; 1.5 uses/year |
| Austria | Personal ausweis | E-gov | 10 M | 3/4 | Face | Auth, Sign, Encrypt | |
| NL | DigID | E-gov | 12 M | 3 | Face | Auth, Sign | Tax only |
| Malta | E-ID | E-gov | 400 k | 3 | Face | Auth | Voting |
| Ireland | ID card | Travel | 5M | 3 | Face | Auth | Requires passport |

Lessons
• Top Lesson. Be clear – is the e-ID to benefit the government or the
nation? Legal, benefit and business models are very different.
• Cards for e-Gov have low adoption & usage rates and little value.
People forget where they are and how to use them. Gov unable to
achieve major savings and have to maintain manual systems.
• Cards for societal use have reasonable adoption and use, but benefits
are not significant
• Cards that assist commercial processes (e.g. KYC, AML, company
management, contract signing, power of attorney) are highly valued and
used.
• Cards that can be used across borders are more valued. (High
demand for Estonia e-Residency card). Other nations thinking of
following Estonian model.
• Move to mobile will open more opportunities, reduce operating costs
and be more secure. Opportunity for the ID to make money.
Other National e-ID initiatives

| Nation | Name | Purpose | Population | LoA | Biometrics | Features | Remarks |
|---|---|---|---|---|---|---|---|
| Malaysia | My Kad | E-Gov, societal, bank, email | 30 M | 4 | Face, finger | Auth, sign, encrypt | 1st e-ID |
| NZ | RealMe | E-Gov, online services | 5 M | 3 | Face, (video) | Auth | |
| Japan | My Number | E-Gov | 130 M | 3/4 | Face, ? | Auth, ? | Disaster services |
| Korea | (New project) | E-Gov | 40 M | 3/4 | Face, ? | Auth, sign, encrypt | Resident Registration Number fraud |
| Singapore | E-IC | e-Gov, societal, bank | 5 M | 3/4 | Face, ? | Auth, sign, encrypt | Design stage |
| Nigeria | e-ID | E-gov, societal | 180 M | 4 | Face, finger | Auth, sign, encrypt | Agricultural subsidy fraud |
| Kenya | (new project) | E-Gov | 44 M | ? | Face, finger | | |
| India | Aadhar | Societal | 1 bn + | 3/4 | Face, Iris, retina | Auth, Sign, Encrypt | Largest deployment |
| US | NSTIC | Industry-led societal | ? | 2/3 | ? | Auth | Online only. Pilots |
| US | 18F | E-gov | 300 M | 3/4 | Face, finger, ? | Auth, Sign, Encrypt | Design stage |
| China | Starts 2017 | E-Gov or societal | 1.4 bn | 4 | Multiple | Auth, ?? | Counter fraud |

Lessons #2
• Top lesson. Go to LoA 3 or LoA 4.
• US. Started with Federal & business high assurance
PKI. NL followed suit.
• NZ. Focusing on identity proofing and biometrics
• Industrial Asian countries are mainly LoA 4, which allows
for high interaction between society and business.
– S. Korean Government and industry PKIs are cross-certified (like
NL and EE)
– China expanding its PKI. Over 800 Certificate Authorities today
– Malaysia PKI for business, links to government
– Kenya is likely to expand its MPESA network to support a new e-
ID.
National e-ID Choices
• Scope
– Nation-born citizens
– Naturalised citizens
– EU nationals
– EEA
– Foreign nationals
– Refugees
• Age - Children, old persons
• Functions
– Authentication, signature, encryption
– Proxy, Power of Attorney
– Financial, wallet
• Use cases
– E-gov, tax, pensions & benefits
– Health and patient records
– Payments
– Transport
– Travel & border control
Key points
• Trade Off
– High LoA: High value,
functionality, use cases,
interoperability, future proofing,
reduced risk. But high cost.
– Low LoA: Limited use, value
and future. Can’t interoperate.
Not trusted. High risk but
cheap. Liability issues.
• Leading nations are basing
digital innovation on high
assurance e-ID
HMG Office of Government Science report for UK Prime Minister
• Published 19 Jan 2016
• Two ministers leading in HMG
• Industry collaboration
• NL and EE participation starting
• Identity & Access Management essential
eResidency has huge potential!
• It’s a step ahead of everyone else
• What does it need to do to remain ahead?
10 Major Conclusions
1. Innovate – Clear goals. Learn through success & failure. Use case driven -
follow the money. First mover advantage. Make eResidency an eID? More
functions?
2. Accelerate – Focus, speed and scale. Smart phones and block chains
3. Differentiate – cross-border e-IDs support high assurance e-IDs in chains of
trust, leveraging national e-IDs
4. Federate – with other high assurance IDs
5. Interoperate - data, policy, system interoperability. Re-use. Standards
6. Collaborate – 98%+ of transactions involve industry
7. Communicate – create a community and executive awareness
8. Coordinate – with others
9. Mitigate – Collaborative risks. Brand protection
10. Regulate – privacy and public safety

 
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130  Available With RoomVIP Kolkata Call Girl Jatin Das Park 👉 8250192130  Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
 
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
 
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
 

Future of identity - growing demand

  • 1. Future of Identity. Identity: Global Context - Growing Demand. 1 Sep 16, Tallinn. Patrick Curry, Patrick.curry@bbfa.info. info@bbfa.info
  • 2. Social Norms • We have social norms of behaviour built over millennia • Society runs on trust = • We act in groups – Individually – Organisationally – Nationally – Internationally • Disruptive change – Villains – Heroes
  • 3. Biggest problem – Tower of Babel • We are all affected by the same things • Laws of physics still the same • Yet… A gazillion point solutions • Darwinian outcome certain: – Centralise; or, – Interoperate • Follow the herd • VHS vs Betamax
  • 4. eIDAS history • European Digital Agenda Key Points 3 and 16 • EU WG to develop an EU Citizen eID specification • DG HOME Expert Group on ID Fraud. Europol reports ID Fraud top enabler of crime. Council action requested. • Ad hoc eID tech demonstrators leading to STORK • STORK large scale pilot • DG CONNECT project to develop eID interop policy • eIDAS Regulation published. Compliance by Sep 2017. • Comparisons with international standards and regulations.
  • 5. Legislation • eIDAS. eID Authentication & Digital Signature Regulation – Citizen eID recognised in all Member States for public purposes • NISD. Network Information Security Directive – Data breach notification to regulators and EU • GDPR. General Data Protection Regulation – Pseudonymity – Preventing a person becoming identifiable • 4th Anti Money Laundering Directive – Customer due diligence checking requirements, reporting suspicious transactions, maintain records of payments, combat money laundering & terrorist financing activities – Registers for beneficiary traceability • Payment Services Directive 2 (PSD2) – Expands use of digital payments and cross-border payment flexibility – Expanded scope. Includes new digital payment services – New security, insurance and due diligence requirements
  • 6. 4 Contexts of Identity: Citizen; Consumer; Employee - Industry; Employee - Gov. Plus: • Device ID • Organisation ID • Software Authentication • Data Authentication
  • 7. ISO/IEC 29115 – Entity Authentication Assurance Framework
  • 8. The Basic Electronic Credential Lifecycle* (flowchart; labels as extracted): Sponsorship; Application; Initial Verification; Proofing documents; Full Verification; Registration; Approve ?; Provisioning; Order credential; Data preparation; Data transfer; Print credential; Data injection into chip; Enrolment; Validation & Quality check; Secure transport; Customer notification; PIN issuance; Customer receipt; Authenticate User; Authenticate credential; Activate credential; Issuance; Interview; Suspend; Revoke; Use; Manage; Use (See Trust Framework); Destroy; Renew ?; Stop; N; Y; Restart (point depends on policy). * Ignores supporting information management
  • 9. Governance • Community of trust. Transparency • Shared objectives • Collaborative governance of risk stakeholders • Liability model • Six elements – Policy Management Authority & Technical Design Authority – Trust Operations – Assurance – Enforcement and trust repair – Company responsibilities – Community & stakeholder management
  • 10. Levels of Assurance (4 Levels Of Assurance). We need to identify ourselves to others, and vice versa, in a wide range of situations and particularly for electronic activities, which may require different Levels of Assurance.
      1. LoA 4. Extra measures. 3 factor authentication (with second biometric). Strong hardware token. Optional federated Physical Access Control. Used in highly secure situations.
      2. LoA 3. High confidence in identity. Legally robust non-repudiation. 2 Factor Authentication. E.g. employee authentication, digital signature, ID based encryption, secure email.
      3. LoA 2. Some confidence of Identity. Expect some failures. Financial liability model. E.g. credit cards, Know Your Customer.
      4. LoA 1. Self assertion. E.g. mickey.mouse@microsoft.com.
  • 11. Major strategic drivers - national, international, market • Increasing regulations • Consumer centricity & omnichannel • Card/mobile payments • Global supply chains • Cross-sector interactions • Banking and payments systems • Border controls, migration & refugees • Risk management – Opportunity – Cybercrime – Compliance – Complexity – Branding & reputation
  • 12. (Diagram; labels as extracted) Citizen Consumer Employee - Gov Employee - Industry 9/11 HSPD 12 FIPS 201 - PIV FIPS 201 – PIV - Interoperable ITU-T/ISO 24760/29115 Supply chain collaboration CertiPath/SAFEBioPharma Kantara Initiative Identity Assurance Framework Borders Police NATO SESAR Legal Energy Pharma Aerospace 3 4 3 4 1 2 Hardly used = weak business case? OIX Google Facebook 1 1 Credit cards HACC?NFC?? 2 3 2 3 US NSTIC ? Good Federation
  • 13. Level 3+ Identity Federations (PKI) - a UK perspective. British Business Federation Authority - office@federatedbusiness.org. (Diagram; labels as extracted) Potential Gov & Ind CSPs EADS/Cassidian, Citi, Entrust, SAFE/BioPharma, Symantec, Trustis Early Adopters Cross Certified Orgs: MOD NHS NPIA/Police DWP+ LoA 2+ Brokers CertiPath Aero/Def UK PKI Bridge SAFE-BioPharma Potential UK CSPs: Citi, EADS, Entrust, Symantec, (Emerging Bridge) Potential UK CSPs: Citi, EADS, Entrust, Symantec, Verizon Business+ Other Potential National Bridges or CAs: USA, Australia, Canada, NZ, NL, BE, FR, DE, IT+, NO, SWE, ESP Interpol, EU, NATO Any nation could put itself at the centre…
  • 14. Some EU National e-ID initiatives

      | Nation | Name | Purpose | Population | LoA | Biometrics | Features | Remarks |
      | Estonia | ID | E-gov, Societal | 1.3 M + | 4 | Face | Auth, Sign, Encrypt | |
      | Estonia | E-residency | E-gov & business | 8M target | 3 | Nil | Auth, Sign, Encrypt | 10 k today |
      | Belgium | .beID | Societal | 12 M | 3 | Face | Auth, Sign, Encrypt | |
      | Germany | Personal ausweis | E-gov | 80 M + | 3/4 | Face | Auth, Sign, Encrypt | Low adoption of eID |
      | France | France Connect | E-gov | Starting | 2/3? | ? | ? | |
      | UK | Verify | Limited E-gov | 50 M | 2 | Nil | Auth | 333 k 1.5 uses/year |
      | Austria | Personal ausweis | E-gov | 10 M | 3/4 | Face | Auth, Sign, Encrypt | |
      | NL | DigID | E-gov | 12 M | 3 | Face | Auth, Sign | Tax only |
      | Malta | E-ID | E-gov | 400 k | 3 | Face | Auth | Voting |
      | Ireland | ID card | Travel | 5M | 3 | Face | Auth | Requires passport |

  • 15. Lessons • Top Lesson. Be clear – is the e-ID to benefit the government or the nation? Legal, benefit and business models are very different. • Cards for e-Gov have low adoption & usage rates and little value. People forget where they are and how to use them. Govs are unable to achieve major savings and have to maintain manual systems • Cards for societal use have reasonable adoption and use, but benefits are not significant • Cards that assist commercial processes (e.g. KYC, AML, company management, contract signing, power of attorney) are highly valued and used. • Cards that can be used across borders are more valued. (High demand for Estonia e-Residency card). Other nations thinking of following Estonian model. • Move to mobile will open more opportunities, reduce operating costs and be more secure. Opportunity for the ID to make money.
  • 16. Other National e-ID initiatives

      | Nation | Name | Purpose | Population | LoA | Biometrics | Features | Remarks |
      | Malaysia | My Kad | E-Gov, societal, bank, email | 30 M | 4 | Face, finger | Auth, sign, encrypt | 1st e-ID |
      | NZ | RealMe | E-Gov, online services | 5 M | 3 | Face, (video) | Auth | |
      | Japan | My Number | E-Gov | 130 M | 3/4 | Face, ? | Auth, ? | Disaster services |
      | Korea | (New project) | E-Gov | 40 M | 3/4 | Face, ? | Auth, sign, encrypt | Resident Registration Number fraud |
      | Singapore | E-IC | e-Gov, societal, bank | 5 M | 3/4 | Face, ? | Auth, sign, encrypt | Design stage |
      | Nigeria | e-ID | E-gov, societal | 180 M | 4 | Face, finger | Auth, sign, encrypt | Agricultural subsidy fraud |
      | Kenya | (new project) | E-Gov | 44 M | ? | Face, finger | | |
      | India | Aadhar | Societal | 1 bn + | 3/4 | Face, Iris, retina | Auth, Sign, Encrypt | Largest deployment |
      | US | NSTIC | Industry-led societal | ? | 2/3 | ? | Auth | Online only. Pilots |
      | US | 18F | E-gov | 300 M | 3/4 | Face, finger, ? | Auth, Sign, Encrypt | Design stage |
      | China | Starts 2017 | E-Gov or societal | 1.4 bn | 4 | Multiple | Auth, ?? | Counter fraud |

  • 17. Lessons #2 • Top lesson. Go to LoA 3 or LoA 4. • US. Started with Federal & business high assurance PKI. NL followed suit. • NZ. Focusing on identity proofing and biometrics • Industrial Asian countries are mainly LoA 4, which allows for high interaction between society and business. – S. Korean Government and industry PKIs are cross-certified (like NL and EE) – China expanding its PKI. Over 800 Certificate Authorities today – Malaysia PKI for business, links to government – Kenya is likely to expand its MPESA network to support a new e-ID.
  • 18. National e-ID Choices • Scope – Nation-born citizens – Naturalised citizens – EU nationals – EEA – Foreign nationals – Refugees • Age - Children, old persons • Functions – Authentication, signature, encryption – Proxy, Power of Attorney – Financial, wallet • Use cases – E-gov, tax, pensions & benefits – Health and patient records – Payments – Transport – Travel & border control. Key points • Trade Off – High LoA: High value, functionality, use cases, interoperability, future proofing, reduced risk. But high cost. – Low LoA: Limited use, value and future. Can’t interoperate. Not trusted. High risk but cheap. Liability issues. • Leading nations are basing digital innovation on high assurance e-ID
  • 19. HMG Office of Government Science report for UK Prime Minister. Published 19 Jan 2016. Two ministers leading in HMG. Industry collaboration. NL and EE participation starting. Identity & Access Management essential
  • 20. eResidency has huge potential! • It’s a step ahead of everyone else • What does it need to do to remain ahead?
  • 21. 10 Major Conclusions 1. Innovate – Clear goals. Learn through success & failure. Use case driven - follow the money. First mover advantage. Make eResidency an eID? More functions? 2. Accelerate – Focus, speed and scale. Smart phones and block chains 3. Differentiate – cross-border e-IDs support high assurance e-IDs in chains of trust, leveraging national e-IDs 4. Federate – with other high assurance IDs 5. Interoperate - data, policy, system interoperability. Re-use. Standards 6. Collaborate – 98%+ of transactions involve industry 7. Communicate – create a community and executive awareness 8. Coordinate – with others 9. Mitigate – Collaborative risks. Brand protection 10. Regulate – privacy and public safety